Category FILE
Started On 2016-06-16 11:29:36
Completed On 2016-06-16 11:39:55
Duration 619 seconds
Cuckoo Version 1.2

Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2016-06-16 11:29:36
Shutdown On 2016-06-16 11:39:53

File Details

File name drozen3_malware4.exe
File size 92160 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
CRC32 69AE5B9A
MD5 3801911ee016d714dec34741d43db692
SHA1 40828b621a5e33dc0f421269b96899f1093a6c99
SHA256 e125db616481b61c59b7e6ec61b23b9dfb98feb52224cf30c329eba04e6ca90f
SHA512 5173fd579bd08ad50f8a67acc6a02859cfbebaba9369caf2712cbf2f0ad4beb09b322259b9f0be086fcbe9918dca749dd28c630870ac6a6938d40007493fd259
Ssdeep 1536:beOmsWjcdWvVwYQzVOEYRyulfXzQLMZjoWjCiOanxNyMNMNGNDcUua41x:beOJWv+YQROEYRJLQSTnMNGNDcUV4
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2016-06-10 09:56:14
Detection Rate: 23/56

Signatures

No signatures matched

Static Analysis

Sections

Imports

Strings

Dropped Files

drozen3_malware4.exe

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\drozen3_malware4.exe
Mutexes
  • DARKDDOSER
Registry Keys
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Resilience Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Processes

drozen3_malware4.exe PID: 1992, Parent PID: 1908

iexplore.exe PID: 2020, Parent PID: 1992

iexplore.exe PID: 1316, Parent PID: 2020

Volatility

Nothing to display.